6 matches found
Cross-site Scripting (XSS)
ajaxnetprofessional is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of input validation in parse function of AjaxPro/core.js in when parsing json input which allows a malicious attacker to inject and execute arbitrary javascript...
CVE-2021-43853 Cross-Site Scripting in AjaxNetProfessional
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
Duplicate Advisory: Remote Code Execution in AjaxNetProfessional
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references. Original Description All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of...
GHSA-74R6-GRJ9-8RQ6 Duplicate Advisory: Remote Code Execution in AjaxNetProfessional
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references. Original Description All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of...
Remote Code Execution in AjaxNetProfessional
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. Description Serialization is a process of converting an object into a sequence of...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in AjaxNetProfessional...